Heine
bug2exploit

From bug to exploit - Bakery SSO

Heine — Mon, 2013/02/18 - 12:59

I recently evaluated the Bakery Single Sign-On System aka Bakery SSO aka Bakery on behalf of clients. This article describes how I moved from finding a small weakness in version 2.x-alpha-3 to an exploit.

If you haven't updated all your sites to Bakery 2.0-alpha4 (6.x, 7.x), go and do so now.

  • Security
  • bug2exploit
  • Planet Drupal
  • Drupal

Explaining the Drupal < 7.16 Installer vulnerability

Heine — Wed, 2012/10/24 - 11:24

SA-CORE-2012-003 fixes an issue in the Drupal installer that enables an attacker to cause the site to use a different attacker-controlled database.

The installer vulnerability was found while preparing my DrupalJam presentation (NL) on security audits and reported via the (awesome!) SecuriTeam Secure Disclosure program. As promised on IRC & Reddit, here's some additional information on the root cause(s).

  • Security
  • Drupal
  • Planet Drupal
  • bug2exploit

Gain administrator privileges via an XSS vulnerability in Recipe

Heine — Tue, 2007/02/20 - 22:53

For those with the tendency to downplay cross-site scripting (XSS) vulnerabilities, a small videocast shows how a vulnerability in the contributed module Recipe can give an attacker administrator access to a Drupal site. The vulnerability was fixed with DRUPAL-SA-2006-014 a long time ago, so I feel it's safe to publish the video now.

» Videocast.

  • Drupal
  • Security
  • Planet Drupal
  • bug2exploit


Copyright © 2016 by Heine Deelstra. All rights reserved.